Re: Linux security
>I was having a discussion with my ISP about Linux. He said he uses Windows NT
>because it is much more secure than Linux. He stated that since the source
>code was available that it was very unsecure. He mentioned something about
That is apparently a VERY wrong statement. Just because
the source is out, does not make the system insecure.
Open source allows programmers from around the world to
collaborate, and eliminate bugs fast. With open source, one
has complete insurance there are no back doors, or some
other nasty things.
>attaining root access by downloading /etc/passwd and de-crypting the
>passwords. He bases this on a source called cicia.org. He said it reflected
People who do not use shadow should be shot!
In ancient versions of UNIX, passwords were indeed stored
( encrypted ) in /etc/passwd. Shadow passwords
eliminates that. It moves all of the encrypted files to
a file, that is readable by administrator ( root ) only.
( If root is compromised, system is doomed anyway )
In short -- it's not true. If passwords are stored in
/etc/passwd, whoever is responsible for the system is not
worth $1/day.
>several cases of insecurity regarding Linux. I would like to know from a more
'Several cases' out of what -- 1000? What about NT?
Open source allows for patches to be distributed v.
quickly, and problem is fixed before MS publicly
admits that bug is present in their products...
>qualified source as to how to respond to this. I have been using Debian for
>a few months now and thoroughly enjoy it. Not only as an operating system,
>but for the documentation and the learning experience.
Good luck in your quest.
I'm ready to put Linux against NT any day. ( I'm not even
talking about day-to-day administration. )
If you want to hear more assurances from people who
actually run ISPs, e-mail debian-isp list.
>Thank you for your time and attention.
No problem.
-Nikita
--
Even God cannot change the past.
-- Joseph Stalin
Reply to: